提交
038b434f
编写于
3月 28, 2008
作者:
Daniel P. Berrange
Added patches for routed networking from Mads Chr. Olesen
上级
924de9c3
变更
8
Showing
8 changed file
with
222 addition
and
49 deletion
+222
-49
AUTHORS
AUTHORS
+1
-0
ChangeLog
ChangeLog
+11
-1
docs/network.rng
docs/network.rng
+8
-0
src/iptables.c
src/iptables.c
+72
-1
src/iptables.h
src/iptables.h
+9
-0
src/qemu_conf.c
src/qemu_conf.c
+14
-3
src/qemu_conf.h
src/qemu_conf.h
+7
-0
src/qemu_driver.c
src/qemu_driver.c
+100
-44
AUTHORS
...
@@ -40,6 +40,7 @@ Patches have also been contributed by:
...
@@ -40,6 +40,7 @@ Patches have also been contributed by:
Chris Lalancette <clalance@redhat.com>
Chris Lalancette <clalance@redhat.com>
Guido Guenther <agx@sigxcpu.org>
Guido Guenther <agx@sigxcpu.org>
Daniel Hokka Zakrisson <daniel@hozac.com>
Daniel Hokka Zakrisson <daniel@hozac.com>
Mads Chr. Olesen <shiyee@shiyee.dk>
[....send patches to get your name here....]
[....send patches to get your name here....]
...
...
ChangeLog
Fri Mar 27 13:55:56 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
Fri Mar 28 16:34:56 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
* src/network.rng: Add new routed networking schema
* src/iptables.c, src/iptables.h: Add iptablesAddForwardAllowRelatedIn
and iptablesRemoveForwardAllowRelatedIn
* src/qemu_conf.h: Add attribute for routed networking
* src/qemu_conf.c: Parse / format new networking attributes
* src/qemu_driver.c: Support routed networking config
(patches from Mads Chr. Olesen)
Fri Mar 28 13:55:56 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
* src/storage_conf.c: Fix XML output tag for FS storage pools
* src/storage_conf.c: Fix XML output tag for FS storage pools
directory path
directory path
...
...
docs/network.rng
...
@@ -56,6 +56,14 @@
...
@@ -56,6 +56,14 @@
rest of the network -->
rest of the network -->
<element name="forward">
<element name="forward">
<optional><attribute name="dev"><text/></attribute></optional>
<optional><attribute name="dev"><text/></attribute></optional>
<optional>
<attribute name="mode">
<choice>
<value>nat</value>
<value>routed</value>
</choice>
</attribute>
</optional>
</element>
</element>
</optional>
</optional>
</element>
</element>
src/iptables.c
...
@@ -793,7 +793,7 @@ iptablesRemoveForwardAllowOut(iptablesContext *ctx,
...
@@ -793,7 +793,7 @@ iptablesRemoveForwardAllowOut(iptablesContext *ctx,
* and associated with an existing connection
* and associated with an existing connection
*/
*/
static
int
static
int
iptablesForwardAllowIn
(
iptablesContext
*
ctx
,
iptablesForwardAllow
Related
In
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
iface
,
const
char
*
physdev
,
const
char
*
physdev
,
...
@@ -821,6 +821,77 @@ iptablesForwardAllowIn(iptablesContext *ctx,
...
@@ -821,6 +821,77 @@ iptablesForwardAllowIn(iptablesContext *ctx,
}
}
}
}
/**
* iptablesAddForwardAllowRelatedIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
* @physdev: the physical input device or NULL
*
* Add rules to the IP table context to allow the traffic for the
* network @network on @physdev device to be forwarded to
* interface @iface, if it is part of an existing connection.
*
* Returns 0 in case of success or an error code otherwise
*/
int
iptablesAddForwardAllowRelatedIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
physdev
)
{
return
iptablesForwardAllowRelatedIn
(
ctx
,
network
,
iface
,
physdev
,
ADD
);
}
/**
* iptablesRemoveForwardAllowRelatedIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
* @physdev: the physical input device or NULL
*
* Remove rules from the IP table context hence forbidding the traffic for
* network @network on @physdev device to be forwarded to
* interface @iface, if it is part of an existing connection.
*
* Returns 0 in case of success or an error code otherwise
*/
int
iptablesRemoveForwardAllowRelatedIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
physdev
)
{
return
iptablesForwardAllowRelatedIn
(
ctx
,
network
,
iface
,
physdev
,
REMOVE
);
}
/* Allow all traffic destined to the bridge, with a valid network address
*/
static
int
iptablesForwardAllowIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
physdev
,
int
action
)
{
if
(
physdev
&&
physdev
[
0
])
{
return
iptablesAddRemoveRule
(
ctx
->
forward_filter
,
action
,
"--destination"
,
network
,
"--in-interface"
,
physdev
,
"--out-interface"
,
iface
,
"--jump"
,
"ACCEPT"
,
NULL
);
}
else
{
return
iptablesAddRemoveRule
(
ctx
->
forward_filter
,
action
,
"--destination"
,
network
,
"--out-interface"
,
iface
,
"--jump"
,
"ACCEPT"
,
NULL
);
}
}
/**
/**
* iptablesAddForwardAllowIn:
* iptablesAddForwardAllowIn:
* @ctx: pointer to the IP table context
* @ctx: pointer to the IP table context
...
...
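Review bot: The new static `iptablesForwardAllowIn` (the block that begins "Allow all traffic destined to the bridge") is documented by a single line, yet it is the function that changes the meaning of the exported iptablesAddForwardAllowIn/iptablesRemoveForwardAllowIn: the rule it installs is a bare `--destination network [--in-interface physdev] --out-interface iface --jump ACCEPT` with no connection-state match, while the state-matching rule now lives under the renamed iptablesForwardAllowRelatedIn. I would replace the one-liner with a header in the file's existing style: `/* Allow all traffic destined to @network via @iface to be forwarded regardless of connection state; when @physdev is NULL or empty the rule matches any ingress interface. Intended for routed (non-NAT) networks, so inbound filtering is left to the guests. */`. The header comment of iptablesAddForwardAllowIn continues past the end of this hunk and, if it still says "if it is part of an existing connection", should be updated to describe the now-unconditional rule. The `@network: the source network name` wording in the two new AllowRelatedIn headers also reads inverted for an inbound rule, since the sibling passes @network as `--destination`; the body of iptablesForwardAllowRelatedIn is outside the hunk, so worth confirming before changing it to "the destination network".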
src/iptables.h
...
@@ -55,6 +55,15 @@ int iptablesRemoveForwardAllowOut (iptablesContext *ctx,
...
@@ -55,6 +55,15 @@ int iptablesRemoveForwardAllowOut (iptablesContext *ctx,
const
char
*
iface
,
const
char
*
iface
,
const
char
*
physdev
);
const
char
*
physdev
);
int
iptablesAddForwardAllowRelatedIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
physdev
);
int
iptablesRemoveForwardAllowRelatedIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
physdev
);
int
iptablesAddForwardAllowIn
(
iptablesContext
*
ctx
,
int
iptablesAddForwardAllowIn
(
iptablesContext
*
ctx
,
const
char
*
network
,
const
char
*
network
,
const
char
*
iface
,
const
char
*
iface
,
...
...
src/qemu_conf.c
...
@@ -2521,6 +2521,17 @@ static struct qemud_network_def *qemudParseNetworkXML(virConnectPtr conn,
...
@@ -2521,6 +2521,17 @@ static struct qemud_network_def *qemudParseNetworkXML(virConnectPtr conn,
}
}
def
->
forward
=
1
;
def
->
forward
=
1
;
tmp
=
xmlXPathEval
(
BAD_CAST
"string(/network/forward[1]/@mode)"
,
ctxt
);
if
((
tmp
!=
NULL
)
&&
(
tmp
->
type
==
XPATH_STRING
)
&&
(
tmp
->
stringval
!=
NULL
)
&&
(
xmlStrEqual
(
tmp
->
stringval
,
BAD_CAST
"route"
)))
{
def
->
forwardMode
=
QEMUD_NET_FORWARD_ROUTE
;
}
else
{
def
->
forwardMode
=
QEMUD_NET_FORWARD_NAT
;
}
xmlXPathFreeObject
(
tmp
);
tmp
=
NULL
;
tmp
=
xmlXPathEval
(
BAD_CAST
"string(/network/forward[1]/@dev)"
,
ctxt
);
tmp
=
xmlXPathEval
(
BAD_CAST
"string(/network/forward[1]/@dev)"
,
ctxt
);
if
((
tmp
!=
NULL
)
&&
(
tmp
->
type
==
XPATH_STRING
)
&&
if
((
tmp
!=
NULL
)
&&
(
tmp
->
type
==
XPATH_STRING
)
&&
(
tmp
->
stringval
!=
NULL
)
&&
(
tmp
->
stringval
[
0
]
!=
0
))
{
(
tmp
->
stringval
!=
NULL
)
&&
(
tmp
->
stringval
[
0
]
!=
0
))
{
...
@@ -3160,10 +3171,10 @@ char *qemudGenerateNetworkXML(virConnectPtr conn,
...
@@ -3160,10 +3171,10 @@ char *qemudGenerateNetworkXML(virConnectPtr conn,
if
(
def
->
forward
)
{
if
(
def
->
forward
)
{
if
(
def
->
forwardDev
[
0
])
{
if
(
def
->
forwardDev
[
0
])
{
virBufferVSprintf
(
buf
,
" <forward dev='%s'/>
\n
"
,
virBufferVSprintf
(
buf
,
" <forward dev='%s'
mode='%s'
/>
\n
"
,
def
->
forwardDev
);
def
->
forwardDev
,
(
def
->
forwardMode
==
QEMUD_NET_FORWARD_ROUTE
?
"route"
:
"nat"
)
);
}
else
{
}
else
{
virBuffer
AddLit
(
buf
,
" <forward/>
\n
"
);
virBuffer
VSprintf
(
buf
,
" <forward mode='%s'/>
\n
"
,
(
def
->
forwardMode
==
QEMUD_NET_FORWARD_ROUTE
?
"route"
:
"nat"
)
);
}
}
}
}
...
...
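Review bot: The mode parser in qemudParseNetworkXML accepts only the literal `route` (the `xmlStrEqual(tmp->stringval, BAD_CAST "route")` test) and qemudGenerateNetworkXML emits `route`, but the schema added to docs/network.rng in this same commit lists `routed`; a document that validates against the schema is therefore silently treated as NAT, and XML the driver itself produces fails validation. The two spellings must agree (the schema is the odd one out given the parser and formatter both use `route`), and a non-empty mode that is neither `route` nor `nat` should be rejected rather than falling through to QEMUD_NET_FORWARD_NAT, since a typo otherwise silently decides which FORWARD rules the network gets. Something like the following, using whatever error code and cleanup label the sibling checks in this function use (they are outside the hunk):

```c
    tmp = xmlXPathEval(BAD_CAST "string(/network/forward[1]/@mode)", ctxt);
    def->forwardMode = QEMUD_NET_FORWARD_NAT;   /* absent attribute keeps the historical NAT behaviour */
    if ((tmp != NULL) && (tmp->type == XPATH_STRING) &&
        (tmp->stringval != NULL) && (tmp->stringval[0] != 0)) {
        if (xmlStrEqual(tmp->stringval, BAD_CAST "route")) {
            def->forwardMode = QEMUD_NET_FORWARD_ROUTE;
        } else if (!xmlStrEqual(tmp->stringval, BAD_CAST "nat")) {
            qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
                             _("unsupported forward mode '%s'"),
                             (const char *)tmp->stringval);
            xmlXPathFreeObject(tmp);
            /* … bail out via the function's existing error path … */
        }
    }
    xmlXPathFreeObject(tmp);
    tmp = NULL;
    /* … unchanged: @dev parsing … */
```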
src/qemu_conf.h
...
@@ -83,6 +83,12 @@ enum qemud_vm_net_type {
...
@@ -83,6 +83,12 @@ enum qemud_vm_net_type {
QEMUD_NET_BRIDGE
,
QEMUD_NET_BRIDGE
,
};
};
/* 2 possible types of forwarding */
enum
qemud_vm_net_forward_type
{
QEMUD_NET_FORWARD_NAT
,
QEMUD_NET_FORWARD_ROUTE
,
};
#define QEMUD_MAX_NAME_LEN 50
#define QEMUD_MAX_NAME_LEN 50
#define QEMUD_MAX_XML_LEN 4096
#define QEMUD_MAX_XML_LEN 4096
#define QEMUD_MAX_ERROR_LEN 1024
#define QEMUD_MAX_ERROR_LEN 1024
...
@@ -266,6 +272,7 @@ struct qemud_network_def {
...
@@ -266,6 +272,7 @@ struct qemud_network_def {
int
forwardDelay
;
int
forwardDelay
;
int
forward
;
int
forward
;
int
forwardMode
;
/* From qemud_vm_net_forward_type */
char
forwardDev
[
BR_IFNAME_MAXLEN
];
char
forwardDev
[
BR_IFNAME_MAXLEN
];
char
ipAddress
[
BR_INET_ADDR_MAXLEN
];
char
ipAddress
[
BR_INET_ADDR_MAXLEN
];
...
...
src/qemu_driver.c
...
@@ -948,6 +948,98 @@ dhcpStartDhcpDaemon(virConnectPtr conn,
...
@@ -948,6 +948,98 @@ dhcpStartDhcpDaemon(virConnectPtr conn,
return
ret
;
return
ret
;
}
}
static
int
qemudAddMasqueradingIptablesRules
(
virConnectPtr
conn
,
struct
qemud_driver
*
driver
,
struct
qemud_network
*
network
)
{
int
err
;
/* allow forwarding packets from the bridge interface */
if
((
err
=
iptablesAddForwardAllowOut
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow forwarding from '%s' : %s
\n
"
),
network
->
bridge
,
strerror
(
err
));
goto
masqerr1
;
}
/* allow forwarding packets to the bridge interface if they are part of an existing connection */
if
((
err
=
iptablesAddForwardAllowRelatedIn
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow forwarding to '%s' : %s
\n
"
),
network
->
bridge
,
strerror
(
err
));
goto
masqerr2
;
}
/* enable masquerading */
if
((
err
=
iptablesAddForwardMasquerade
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to enable masquerading : %s
\n
"
),
strerror
(
err
));
goto
masqerr3
;
}
return
1
;
masqerr3:
iptablesRemoveForwardAllowRelatedIn
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
);
masqerr2:
iptablesRemoveForwardAllowOut
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
);
masqerr1:
return
0
;
}
static
int
qemudAddRoutingIptablesRules
(
virConnectPtr
conn
,
struct
qemud_driver
*
driver
,
struct
qemud_network
*
network
)
{
int
err
;
/* allow routing packets from the bridge interface */
if
((
err
=
iptablesAddForwardAllowOut
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow routing from '%s' : %s
\n
"
),
network
->
bridge
,
strerror
(
err
));
goto
routeerr1
;
}
/* allow routing packets to the bridge interface */
if
((
err
=
iptablesAddForwardAllowIn
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow routing to '%s' : %s
\n
"
),
network
->
bridge
,
strerror
(
err
));
goto
routeerr2
;
}
return
1
;
routeerr2:
iptablesRemoveForwardAllowOut
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
);
routeerr1:
return
0
;
}
static
int
static
int
qemudAddIptablesRules
(
virConnectPtr
conn
,
qemudAddIptablesRules
(
virConnectPtr
conn
,
struct
qemud_driver
*
driver
,
struct
qemud_driver
*
driver
,
...
@@ -1023,53 +1115,17 @@ qemudAddIptablesRules(virConnectPtr conn,
...
@@ -1023,53 +1115,17 @@ qemudAddIptablesRules(virConnectPtr conn,
return
1
;
return
1
;
}
}
/* allow forwarding packets from the bridge interface */
/* If masquerading is enabled, set up the rules*/
if
((
err
=
iptablesAddForwardAllowOut
(
driver
->
iptables
,
if
(
network
->
def
->
forwardMode
==
QEMUD_NET_FORWARD_NAT
)
{
network
->
def
->
network
,
if
(
qemudAddMasqueradingIptablesRules
(
conn
,
driver
,
network
))
network
->
bridge
,
return
1
;
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow forwarding from '%s' : %s"
),
network
->
bridge
,
strerror
(
err
));
goto
err8
;
}
/* allow forwarding packets to the bridge interface if they are part of an existing connection */
if
((
err
=
iptablesAddForwardAllowIn
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to allow forwarding to '%s' : %s"
),
network
->
bridge
,
strerror
(
err
));
goto
err9
;
}
}
/* else if routing is enabled, set up the rules*/
/* enable masquerading */
else
if
(
network
->
def
->
forwardMode
==
QEMUD_NET_FORWARD_ROUTE
)
{
if
((
err
=
iptablesAddForwardMasquerade
(
driver
->
iptables
,
if
(
qemudAddRoutingIptablesRules
(
conn
,
driver
,
network
))
network
->
def
->
network
,
return
1
;
network
->
def
->
forwardDev
)))
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to add iptables rule to enable masquerading : %s"
),
strerror
(
err
));
goto
err10
;
}
}
iptablesSaveRules
(
driver
->
iptables
);
return
1
;
err10:
iptablesRemoveForwardAllowIn
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
);
err9:
iptablesRemoveForwardAllowOut
(
driver
->
iptables
,
network
->
def
->
network
,
network
->
bridge
,
network
->
def
->
forwardDev
);
err8:
iptablesRemoveForwardAllowCross
(
driver
->
iptables
,
iptablesRemoveForwardAllowCross
(
driver
->
iptables
,
network
->
bridge
);
network
->
bridge
);
err7:
err7:
...
...
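Review bot: In qemudAddIptablesRules (last hunk) the two new helpers return 1 on success and 0 on failure, but as rendered here the caller tests them as `if (qemudAddMasqueradingIptablesRules(conn, driver, network)) return 1;` (and likewise for the routing helper), so success returns before `iptablesSaveRules(driver->iptables)` runs, while failure falls through to it and also returns 1, reporting the network as started with only the earlier rules in place and nothing unwound via err8. Unless a `!` was lost in rendering, the two calls should read `if (!qemudAddMasqueradingIptablesRules(conn, driver, network)) goto err8;` and `if (!qemudAddRoutingIptablesRules(conn, driver, network)) goto err8;`, so a failed rule insertion removes the cross-forward rule and reports failure, and the success path reaches iptablesSaveRules. The function starts before the hunk, so the earlier labels it unwinds through (err7 and below) are not visible here. The teardown counterpart is not touched by this diff; since iptablesRemoveForwardAllowIn now removes the unconditional rule rather than the ESTABLISHED,RELATED one, whichever function removes a NAT network's rules presumably has to call iptablesRemoveForwardAllowRelatedIn instead (and skip masquerade removal for routed networks), or the old rule is left behind when the network is stopped — worth verifying.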